Why API Security is Crucial in Defending Against Ransomware Attacks

Ransomware attacks have become increasingly sophisticated and prevalent in recent years, posing a significant threat to businesses and organizations of all sizes. These attacks involve cybercriminals encrypting a victim’s data and demanding a ransom payment in exchange for the decryption key. The average cost of a ransomware attack in 2021 was $1.8 million, and this figure is only expected to rise in the coming years.

One of the key reasons ransomware attacks are so successful is that they take advantage of application programming interfaces (APIs) in the delivery of ransomware and the exfiltration of data. Strictly speaking, APIs are not as susceptible to malware as traditional hosts. However, APIs often do play a key role in a ransom event, making their security an important part of a ransomware defense strategy.

How APIs Are Involved in Ransomware Attacks

There are three primary ways in which APIs can be directly involved in ransomware attacks.

First, the API itself can be the delivery vehicle for malware to plant ransomware on a host/server. It’s commonplace for us to think about an inbound email campaign with a malicious URL or payload; a phishing or spearphishing attempt. However, it’s equally necessary to consider that ransomware can also be delivered via API to execute remote code on an unsuspecting host.

Second, an API can be exploited by a ransomware gang to be used as the data exfiltration vehicle, either by using a service/DLL API or by installing new APIs to be used for command and control (C2) or encryption key management. Again, these are not exploitations of the API but instead take advantage of an API’s functionality to hide inside the noise of a network’s normal traffic flows. These are particularly difficult for most organizations to discover because they require immediate detection of a new API or new data type trafficked via API. Only a sophisticated, automated API discovery capability can spot the use of these illicit APIs and enable automated blocking of C2 calls or data exfiltration.

Third, ransomware gangs can undertake a very effective ransom attack without installing malware at all, merely siphoning data from a leaky API to hold hostage. There are several examples, most notably the Optus ransom event in Australia. In this event, data stolen from a leaky public API was held for ransom, creating significant long-term organizational impact, but without any installation of ransomware directly on the victim.
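As an added example (not from the original article or any vendor product), the sketch below shows the kind of check the second and third cases call for: it compares gateway log lines against a route inventory to surface undocumented APIs, and totals per-client record access and response bytes to surface unusual data movement. The log format, route inventory, thresholds and finding names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed route inventory (assumption: exported from the API specification).
KNOWN_ROUTES = {("GET", "/v1/customers/{id}"), ("POST", "/v1/orders"),
                ("GET", "/v1/orders/{id}")}

# Constructed gateway log lines: client method path status response_bytes
SAMPLE_LOG = [
    "10.0.0.5 GET /v1/customers/1001 200 812",
    "10.0.0.5 POST /v1/orders 201 240",
    "10.0.0.7 GET /v1/orders/77 200 530",
    "10.0.0.9 POST /internal/sync/upload 200 64",  # route not in the inventory
    "truncated line",                               # malformed, must be skipped
] + [f"203.0.113.20 GET /v1/customers/{i} 200 805" for i in range(1, 41)]

ID_SEGMENT = re.compile(r"/(\d+)(?=/|$)")


def normalize(path):
    """Collapse numeric path segments so /v1/orders/77 matches /v1/orders/{id}."""
    return ID_SEGMENT.sub("/{id}", path)


def analyze(lines, known=KNOWN_ROUTES, max_ids=20, max_bytes=20_000):
    """Return sorted findings; both thresholds are illustrative assumptions."""
    unknown = set()
    ids = defaultdict(set)   # (client, route) -> distinct object ids read
    sent = defaultdict(int)  # client -> bytes returned on successful calls
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        client, method, path, status, size = parts
        route = normalize(path)
        if (method, route) not in known:
            unknown.add((client, f"{method} {route}"))
            continue
        if status.startswith("2"):
            sent[client] += int(size)
            ids[(client, route)].update(ID_SEGMENT.findall(path))
    findings = [("unknown_route", c, r) for c, r in sorted(unknown)]
    findings += [("bulk_object_access", c, f"{r}: {len(s)} ids")
                 for (c, r), s in sorted(ids.items()) if len(s) > max_ids]
    findings += [("high_volume", c, f"{b} bytes")
                 for c, b in sorted(sent.items()) if b > max_bytes]
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

In practice the fixed thresholds would be replaced by per-client baselines learned from normal traffic, and the inventory would be refreshed whenever the API specification changes.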

How to Protect Your APIs From Ransomware Attacks

There are a number of things that businesses can do to protect their APIs from ransomware attacks. These include:

  • Implementing strong API authentication and authorization controls: This will help to ensure that only authorized users can access your APIs.
  • Regularly scanning your APIs for vulnerabilities: This will help to identify and fix any vulnerabilities that attackers could exploit.
  • Monitoring your APIs for suspicious data movement: This will help to detect and respond to the movement of sensitive data outside of approved pathways.
  • Using API gateways: API gateways can provide an additional layer of security by acting as a middleman between your APIs and the outside world.
  • Using an API security platform: A purpose-built API security platform will provide key capabilities to protect your API attack surface, including testing, discovery, posture management and runtime controls.
  • Educating your employees about API security: This will help them understand the risks of using APIs and how to protect themselves from attacks.

By taking these steps, businesses can significantly reduce their risk of falling victim to a ransomware attack.

Attackers will try to use any and every potential weakness to execute a successful ransomware attack. The rapid growth of APIs, combined with the potential to exploit them, makes APIs an attractive target for breach attempts. In order to protect themselves, organizations must adopt an API security mindset as a key part of their cybersecurity strategy. As mentioned above, addressing this properly requires taking steps across the estate and across teams. By taking the necessary steps to protect your APIs, you can help keep your business safe from the growing threat of ransomware attacks.
